What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
CSO 2022-08-29 06:31:00 BrandPost: Detecting Suspicious Activity on AWS Using Cloud Logs. AWS offers a large spectrum of services and compute. The "shared responsibility" model in the cloud presents a simplified structure of organization responsibilities and cloud provider responsibilities. Generally, identity and access management (IAM), applications, and data form the dividing line, but the line blurs depending on the cloud service the organization is consuming. This is true of all cloud providers, including the AWS Shared Responsibility Model. Deployment mistakes, misconfigurations, use of vulnerable AMIs or container images, or other changes made to AWS service configurations create security problems for organizations, exposing them to possible security incidents or breaches. We've seen no shortage of stories about ransomware attacks, privilege escalation, system compromise, data exfiltration, malicious cryptomining, and other negative outcomes. Tags: Ransomware
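As an added worked example (not code from the CSO BrandPost or from AWS), the following Python runs a few detection rules over a CloudTrail export for the kinds of events the teaser alludes to: a root console login, calls that stop or alter the trail itself, security-group changes that open administrative ports to the whole internet, and an access key minted for a different user. The records are constructed and trimmed to the fields the rules read; the event and field names are real CloudTrail ones, while the sensitive-port list and the rule set are choices for this example.

```python
"""Flag suspicious AWS CloudTrail events in a log export (added example)."""
import json
from ipaddress import ip_network

# Constructed sample: a CloudTrail log file is a JSON object with a "Records" array.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2022-08-29T05:02:11Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "Root"},
     "sourceIPAddress": "203.0.113.7", "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2022-08-29T05:05:40Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser", "userName": "deploy-bot"},
     "sourceIPAddress": "203.0.113.7", "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2022-08-29T05:06:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "IAMUser", "userName": "deploy-bot"},
     "sourceIPAddress": "203.0.113.7",
     "requestParameters": {"groupId": "sg-0a1b2c3d", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 3389, "toPort": 3389,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2022-08-29T05:09:15Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey",
     "userIdentity": {"type": "IAMUser", "userName": "deploy-bot"},
     "sourceIPAddress": "203.0.113.7", "requestParameters": {"userName": "admin-alice"}},
    {"eventTime": "2022-08-29T05:10:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/app/i-0abc"},
     "sourceIPAddress": "10.0.1.25",
     "requestParameters": {"bucketName": "app-assets", "key": "logo.png"}},
]})

# API calls that blind or weaken the audit trail: always alert.
LOGGING_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
# Ports that should never be reachable from 0.0.0.0/0 (choice for this example).
SENSITIVE_PORTS = {22, 3389, 3306, 5432, 1433, 6379, 27017}


def _world_open_ports(params):
    """Sensitive ports that an AuthorizeSecurityGroupIngress call opens to 0.0.0.0/0 or ::/0."""
    hits = set()
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        cidrs = [r.get("cidrIp") for r in (perm.get("ipRanges") or {}).get("items", [])]
        cidrs += [r.get("cidrIpv6") for r in (perm.get("ipv6Ranges") or {}).get("items", [])]
        if not any(c and ip_network(c, strict=False).prefixlen == 0 for c in cidrs):
            continue  # not world-open, nothing to report for this permission
        lo, hi = perm.get("fromPort"), perm.get("toPort")
        if lo is None or hi is None:  # no port range means the rule covers all ports
            return set(SENSITIVE_PORTS)
        hits |= {p for p in SENSITIVE_PORTS if lo <= p <= hi}
    return hits


def detect(cloudtrail_json):
    """Return (eventTime, rule, detail) findings for one CloudTrail log file."""
    findings = []
    for ev in json.loads(cloudtrail_json)["Records"]:
        name, ident = ev["eventName"], ev.get("userIdentity", {})
        params = ev.get("requestParameters") or {}
        actor = ident.get("userName") or ident.get("arn") or ident.get("type")
        if name == "ConsoleLogin" and ident.get("type") == "Root":
            mfa = (ev.get("additionalEventData") or {}).get("MFAUsed")
            findings.append((ev["eventTime"], "root-console-login",
                             f"root login from {ev['sourceIPAddress']} MFAUsed={mfa}"))
        if name in LOGGING_TAMPER:
            findings.append((ev["eventTime"], "cloudtrail-tamper",
                             f"{actor} called {name} on trail {params.get('name')}"))
        if name == "AuthorizeSecurityGroupIngress":
            ports = _world_open_ports(params)
            if ports:
                findings.append((ev["eventTime"], "world-open-ingress",
                                 f"{actor} opened {sorted(ports)} on {params.get('groupId')}"))
        # A key created for someone other than the caller is a classic escalation step.
        if name == "CreateAccessKey" and params.get("userName") not in (None, ident.get("userName")):
            findings.append((ev["eventTime"], "access-key-for-other-user",
                             f"{actor} created an access key for {params['userName']}"))
    return findings


if __name__ == "__main__":
    for when, rule, detail in detect(SAMPLE_CLOUDTRAIL):
        print(when, rule, detail)
```

On the constructed sample the first four records each trigger one rule and the routine S3 read triggers none. In production the same rules would run over the gzipped files CloudTrail delivers to S3 or over a CloudWatch Logs subscription; the shape of the records is the same.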
CSO 2022-08-25 06:00:00 DNS data indicates increased malicious domain activity, phishing toolkit reuse. New research from cybersecurity vendor Akamai has revealed that 12.3% of monitored devices communicated with domains associated with malware or ransomware at least once during the second quarter of 2022. This represented a 3% increase compared to Q1 2022, the firm stated, with phishing toolkits playing a key role in malicious domain-related activity. The findings are based on DNS data and Akamai's visibility into carrier and enterprise traffic across different industries and geographies. Increased malware, phishing and C2 domain activity detected in Q2 2022: In a blog post detailing its research, Akamai stated that, in addition to the devices it detected communicating with domains associated with malware/ransomware, a further 6.2% of devices accessed phishing domains and 0.8% accessed command-and-control (C2)-associated domains (both small increases on Q1 2022). "While this number might seem insignificant, the scale here is in the millions of devices," the firm wrote. "When this is considered, with C2 being the most malignant of threats, this is not only significant, it's cardinal." Tags: Ransomware Malware
CSO 2022-08-24 12:34:00 WannaCry explained: A perfect ransomware storm. What is WannaCry? WannaCry is a ransomware worm that spread rapidly across a number of computer networks in May 2017. After infecting a Windows computer, it encrypts files on the PC's hard drive, making them impossible for users to access, then demands a ransom payment in bitcoin in order to decrypt them. A number of factors made the initial spread of WannaCry particularly noteworthy: it struck a number of important and high-profile systems, including many in Britain's National Health Service; it exploited a Windows vulnerability that was suspected to have been first discovered by the United States National Security Agency; and it was tentatively linked by Symantec and other security researchers to the Lazarus Group, a cybercrime organization that may be connected to the North Korean government. Tags: Ransomware Vulnerability Medical Wannacry APT 38
CSO 2022-08-24 03:49:00 New ransomware HavanaCrypt poses as Google software update. A new strain of ransomware has been claiming victims for the past two months, masquerading as a Google software update application and reusing an open-source password management library for encryption. Dubbed HavanaCrypt by researchers from Cybereason, the new ransomware program features anti-analysis, data exfiltration and privilege escalation mechanisms, but doesn't seem to drop a traditional ransom note. HavanaCrypt deployment: The researchers don't have a lot of information about the initial access vector because the sample they analyzed was obtained from VirusTotal, a web-based file scanning service, where it was likely uploaded by a victim. What is clear is that the metadata of the malicious executable has been modified to list the publisher as Google and the application name as Google Software Update, and upon execution it creates a registry autorun entry called GoogleUpdate. Based on this information, one could assume that the lure used to distribute the ransomware, either via email or the web, is centered around a fake software update. Tags: Ransomware
CSO 2022-08-24 03:00:00 Why business email compromise still tops ransomware for total losses. While businesses are busy trying to protect themselves against ransomware attacks that spark headline news, threat actors are sticking to one of the oldest and most effective hacking techniques: business email compromise (BEC). Enterprise security has skewed toward ransomware in recent years, but FBI data highlights that enterprises in aggregate are losing 51 times more money through BEC attacks. In 2021, BEC attacks in the US caused total losses of $2.4 billion, a 39% increase from 2020. In contrast, over the same period, companies in the US lost only $49.2 million to ransomware. Tags: Ransomware Threat
CSO 2022-08-17 12:10:00 New Deep Instinct partner program targets MSSPs fighting ransomware. Cybersecurity firm Deep Instinct has rolled out a new partner program to provide its endpoint and application protection software to managed security service providers (MSSPs), the company announced Wednesday. The Stratosphere program was initially announced in April, and designed as a simplified channel program that focuses on expected partner margins instead of set discounts on the product. Volume-based recognition and "medallion tiers" for sales are out. Instead, the company is offering "loyalty points" for achieving a range of different sales-related goals, like creating leads, getting customers certified, or completing business plans. Tags: Ransomware Guideline
CSO 2022-08-17 02:00:00 Ransomware safeguards for small- to medium-sized businesses. The Institute for Security and Technology (IST) recently released a "Blueprint for Ransomware Defense." The guide includes recommendations of defensive actions for small- and medium-sized businesses (SMBs) to protect against and respond to ransomware and other common cyberattacks. It focuses on the identify, protect, respond, and recover format that aligns with the National Institute of Standards and Technology (NIST) Cybersecurity Framework. IST's guidelines do not include one item from the NIST framework: the detect function. The authors recommend that SMBs work with a cybersecurity services provider for that function. Tags: Ransomware
CSO 2022-08-11 07:48:00 What happened to the Lapsus$ hackers? [Editor's note: This article originally appeared on the CSO Germany website on July 29.] Claire Tills, senior research engineer at Tenable, describes the methods of the hacking group Lapsus$ as bold, illogical and poorly thought out. The criminals attacked renowned companies such as Microsoft, Samsung, Nvidia, Vodafone, Ubisoft and Okta. They stole data and sometimes used ransomware to extort their victims. Tags: Ransomware
CSO 2022-08-11 02:00:00 Black Basta: New ransomware threat aiming for the big league. Many ransomware gangs have risen to the top over the years only to suddenly disband and be replaced by others. Security researchers believe many of these movements in the ransomware space are intentional rebranding efforts to throw off law enforcement when the heat gets too high. This is also the suspicion for Black Basta, a relatively new ransomware operation that saw immediate success in its first several months of operation. Some believe it has splintered off from the infamous Conti gang. Tags: Ransomware Threat
CSO 2022-08-08 10:05:00 Ransomware, email compromise are top security threats, but deepfakes increase. While ransomware and business email compromise (BEC) are leading causes of security incidents for businesses, geopolitics and deepfakes are playing an increasing role, according to reports from two leading cybersecurity companies. VMware's 2022 Global Incident Threat Response Report shows a steady rise in extortionary ransomware attacks and BEC, alongside fresh jumps in deepfakes and zero-day exploits. Tags: Ransomware Threat Guideline
CSO 2022-08-03 02:00:00 Tips to prevent RDP and other remote attacks on Microsoft networks. One long-favored way that ransomware enters your system is through attacks on Microsoft's Remote Desktop Protocol (RDP). Years ago, when we used Microsoft's Terminal Services (from which RDP evolved) for shared remote access inside or outside an office, attackers would use a tool called TSGrinder. It would first scan a network for Terminal Services traffic on port 3389. Then attackers would use tools to guess the password to gain network access. They would go after administrator accounts first. Even if we changed the administrator account name or moved the Terminal Services protocol to another port, attackers would often sniff the TCP/IP traffic and identify where it had been moved to. Tags: Ransomware Tool
CSO 2022-07-28 15:04:00 BrandPost: CISOs Are Focused on These 3 Trends, Are You? Security leaders are facing growing pressures in today's rapidly evolving cyber landscape. The rise in remote work means that many organizations are managing a complex web of in-person, online, and hybrid work scenarios while also juggling cloud migration to support their diversified workforce. There's also the increase in the sheer volume of cyber attacks to contend with; between July 2020 and June 2021, there was a 1,070% increase in ransomware attacks alone.[1] For Chief Information Security Officers (CISOs), this has created a variety of new challenges to contend with. Based on our conversations with security leaders, Microsoft has identified the top three focus areas that CISOs are prioritizing today so you can understand what steps your organization should take to guard against ongoing cybersecurity threats. Tags: Ransomware Guideline
CSO 2022-07-27 02:00:00 Best practices for recovering a Microsoft network after an incident. Whenever I am dealing with cloud services or remote consultants, the one thing that gives me the greatest pause is keeping track of and protecting credentials. Doing so requires multiple backups, cloud resources, and tested backup and recovery processes. We have our normal password management processes, password storage tools, and encryption processes. Then disaster strikes. Your servers are hit with ransomware or hacked. A device with critical passwords is stolen. A multi-factor authentication device is lost. All these disasters could cause you or someone in your firm to be less than secure in how they handle the transfer and recovery of servers and key operations. How often do you or your consultants test to see if they can handle the recovery process under stress? Tags: Ransomware
CSO 2022-07-22 11:20:00 Cybercrime escalates as barriers to entry crumble. An underground economy that mirrors its legitimate ecommerce counterpart is supercharging online criminal behavior, according to a report released Thursday by HP Wolf Security in collaboration with Forensic Pathways. Cybercriminals are now operating on a professional footing, with easy-to-launch malware and ransomware attacks being offered on a software-as-a-service (SaaS) basis, allowing people with even rudimentary IT skills to launch cyberattacks at targets of their choosing, the report notes. It found that competition in the underground has driven down the price of malicious tools, making them affordable to anyone. In an analysis of 174 exploits advertised on the dark web, HP Wolf researchers found an overwhelming number (91%) were selling for less than $10. A look at 1,653 malware ads revealed more than three quarters (76%) selling for under $10. And on average, information stealers were selling for $5, remote access Trojans (RATs) for $3, exploits for $2.23, and crypters for $1. Tags: Ransomware Malware
CSO 2022-07-21 13:39:00 Ransomware attacks slowing as 2022 wears on. Total ransomware attacks for the second quarter of 2022 came to 574, representing a 34% slowdown compared to the first quarter of the year, according to a report released Thursday by GuidePoint Research. The most impacted industries were manufacturing and construction, GuidePoint's report said, accounting for 18.3% of all claimed attacks during the quarter. The tech sector was also heavily targeted, as were government agencies. The US was the most-attacked country, according to the report, representing nearly a quarter of all global ransomware victims. Tags: Ransomware
CSO 2022-07-13 02:00:00 10 tasks for a mid-year Microsoft network security review. It's the middle of 2022 and a perfect time to review your plans, goals and the risks to your network, especially given the changing threat landscape. Ransomware, for example, has become more human-targeted. Ransomware operators are now looking for additional methods and payloads as well as using extortion. Ransomware entry points range from email and phishing lures and unpatched vulnerabilities to more targeted attacks. With that in mind, these are the ten tasks you should do for your mid-year security review. 1. Review access and credential policies for third parties: Attackers will scan for Remote Desktop Protocol (RDP) access and use brute-force attacks like credential stuffing. They know that people reuse passwords, so they take credentials obtained from stolen databases and try them against your network. Tags: Ransomware Threat
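Both the RDP teaser (TSGrinder guessing administrator passwords on port 3389) and task 1 of the mid-year review (credential stuffing against exposed RDP) describe the same thing from the defender's side: a burst of failed logons from one source, often spread over several account names, followed in the bad case by a success. The Python below, an added example that is not code from either CSO article, runs that detection over constructed Windows Security event lines. Event IDs 4625 (failed logon) and 4624 (successful logon) and logon types 10 (RemoteInteractive) and 3 (what RDP with Network Level Authentication records on failure) are real Windows values; the line format, the threshold and the window are choices for this example. Because it keys off the host's own logon events rather than network traffic, moving RDP off 3389 does not hide an attack from it.

```python
"""Detect RDP password guessing in Windows Security logon events (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: time, event id, logon type, target account, source IP, NTSTATUS.
SAMPLE_EVENTS = """\
2022-07-13T02:00:01 4625 3 Administrator 198.51.100.23 0xC000006A
2022-07-13T02:00:02 4625 3 admin 198.51.100.23 0xC0000064
2022-07-13T02:00:02 4625 3 Administrator 198.51.100.23 0xC000006A
2022-07-13T02:00:03 4625 3 backup 198.51.100.23 0xC0000064
2022-07-13T02:00:04 4625 3 Administrator 198.51.100.23 0xC000006A
2022-07-13T02:00:05 4625 3 Administrator 198.51.100.23 0xC000006A
2022-07-13T02:00:09 4624 10 Administrator 198.51.100.23 0x0
2022-07-13T02:10:00 4625 10 jsmith 10.0.5.17 0xC000006A
2022-07-13T02:10:40 4624 10 jsmith 10.0.5.17 0x0
"""

FAILED, SUCCESS = "4625", "4624"
RDP_LOGON_TYPES = {"3", "10"}            # network (NLA) and RemoteInteractive
ADMIN_NAMES = {"administrator", "admin", "root"}
STATUS_NO_SUCH_USER = "0xC0000064"       # guessed account does not exist: enumeration


def parse(text):
    """Turn the sample lines into (datetime, event_id, logon_type, user, ip, status) tuples."""
    rows = []
    for line in text.splitlines():
        when, eid, ltype, user, ip, status = line.split()
        rows.append((datetime.fromisoformat(when), eid, ltype, user, ip, status))
    return rows


def detect_bruteforce(text, threshold=5, window=timedelta(minutes=1)):
    """Return alerts as (time, source_ip, kind, detail).

    'burst' fires once per source when it reaches `threshold` RDP failures
    inside `window`; 'success-after-burst' fires when that source then logs on,
    which is the signal that a guessed password actually worked."""
    alerts, recent, bursting = [], defaultdict(deque), set()
    for when, eid, ltype, user, ip, status in parse(text):
        if ltype not in RDP_LOGON_TYPES:
            continue
        if eid == FAILED:
            q = recent[ip]
            q.append((when, user, status))
            while q and when - q[0][0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold and ip not in bursting:
                bursting.add(ip)
                users = sorted({u for _, u, _ in q})
                enumerating = len(users) > 1 or any(s == STATUS_NO_SUCH_USER for _, _, s in q)
                admin_hit = any(u.lower() in ADMIN_NAMES for u in users)
                alerts.append((when, ip, "burst",
                               f"{len(q)} RDP failures within {window}; accounts={users}; "
                               f"admin_targeted={admin_hit}; user_enumeration={enumerating}"))
        elif eid == SUCCESS and ip in bursting:
            alerts.append((when, ip, "success-after-burst",
                           f"{user} logged on from a source that was guessing passwords"))
    return alerts


if __name__ == "__main__":
    for when, ip, kind, detail in detect_bruteforce(SAMPLE_EVENTS):
        print(when.isoformat(), ip, kind, detail)
```

On the sample, 198.51.100.23 trips the burst rule at its fifth failure and then produces a success-after-burst alert when `Administrator` logs on; the single mistyped password from 10.0.5.17 followed by a normal logon produces nothing. The second alert is the one to page on: a burst alone is noise on any internet-exposed RDP host, a success right after it is an account to disable and a host to triage.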
CSO 2022-07-08 13:08:00 Feds wave red flag over Maui ransomware. A cybersecurity advisory about the ransomware known as Maui has been issued by the FBI, CISA and the U.S. Treasury Department. The agencies assert that North Korean state-sponsored cyber actors have used the malware since at least May 2021 to target healthcare and public health sector organizations. The FBI surmises that the threat actors are targeting healthcare organizations because those entities are critical to human life and health, so they're more likely to pay ransoms rather than risk disruption to their services. For that reason, the FBI and the other agencies issuing the advisory maintain that the state-sponsored actors will continue to target healthcare organizations. Tags: Ransomware Malware Threat
CSO 2022-07-05 02:00:00 LockBit explained: How it has become the most popular ransomware. LockBit is one of the most prominent ransomware-as-a-service (RaaS) operations that has targeted organizations over the past several years. Since its launch in 2019, LockBit has constantly evolved, recently seeing unprecedented growth driven by other ransomware gangs disbanding. The LockBit creators sell access to the ransomware program and its infrastructure to third-party cybercriminals known as affiliates, who break into networks and deploy it on systems for a cut of up to 75% of the money paid by victims in ransoms. Like most similar RaaS gangs, LockBit engages in double extortion tactics, where its affiliates also exfiltrate data from victim organizations and threaten to publish it online. Tags: Ransomware
CSO 2022-07-04 05:22:00 Asia could be placing all the wrong cybersecurity bets. Over two-thirds (69%) of security leaders in Asia are confident about their organization's cybersecurity resilience, even as 48% also admit that there is still room for improvement, a new joint study by Microsoft and risk advisory firm Marsh has found. The Asian edition of The State of Cyber Resilience report, which had over 660 participants, including CEOs, CISOs, and risk managers, revealed that companies in Asia have experienced a far higher number of privacy breaches (28%) and denial of service attacks (21%) compared to their global peers (18% and 14% respectively). Companies in Asia perceived privacy breaches or the loss of data as their top security concerns, while globally ransomware was observed as the biggest concern among organizations. As such, data loss is a critical concern that needs to be addressed and factored into cyber-risk management strategies, the report said. Tags: Ransomware Guideline
CSO 2022-06-29 02:00:00 Why more zero-day vulnerabilities are being found in the wild. The number of zero-days exploited in the wild has been high over the past year and a half, with different kinds of actors using them. These vulnerabilities, which are unknown to the software maker, are leveraged by both state-sponsored groups and ransomware gangs. During the first half of this year, Google Project Zero counted almost 20 zero-days, most of which target products built by Microsoft, Apple and Google, with browsers and operating systems taking up large chunks. In addition, a critical remote code execution vulnerability was found in Atlassian's Confluence Server, which continues to be exploited. But in 2021, the number of in-the-wild zero-days was even higher. Project Zero found 58 vulnerabilities, while Mandiant detected 80, more than double compared to 2020. Tags: Ransomware Vulnerability
CSO 2022-06-27 02:00:00 5 years after NotPetya: Lessons learned. On June 27, 2017, the eve of Ukraine's Constitution Day holiday, a major global cyberattack was launched, infecting more than 80 companies in that country using a brand-new cyber pathogen that became known as NotPetya. NotPetya didn't stay within Ukraine's borders but spilled out to infect and cause havoc for thousands of organizations across Europe and worldwide. NotPetya was so named because it was similar to but different from Petya, a self-propagating ransomware virus discovered in 2016 that, unlike other nascent forms of ransomware at the time, was incapable of being decrypted. In another departure from the earlier forms of ransomware, Petya also overwrote and encrypted master boot records and was, therefore, considered more a form of wiper malware than bona fide ransomware. Tags: Ransomware Malware NotPetya
CSO 2022-06-22 02:00:00 How Microsoft Purview can help with ransomware regulatory compliance. Nations across the globe are taking regulatory action to reduce the ransomware threat. In March, for example, new U.S. ransomware reporting requirements were signed into law. Covered entities that experience a cyber incident must report it to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours after the covered entity believes that the incident occurred. Additional guidance is still being worked on, but at a minimum the following requirements will be included: identify and describe the function of the affected information systems and networks that were, or are reasonably believed to have been, affected by the cyber incident; describe the unauthorized access with substantial loss of confidentiality, integrity, or availability of the affected information systems or network, or the disruption of business or industrial operations; estimate the date range of the incident; assess the impact on the operations of the covered entity; report ransomware payments within 24 hours after they have been made; submit any new or different information that becomes available surrounding the ransomware attack to CISA; and preserve data relevant to the covered cyber incident or ransom payment. Think of that list. Would you be able to report within 72 hours that you'd had a ransomware incident? Wouldn't you still be in the middle of trying to recover from an incident? This is often the major difference between smaller businesses and larger businesses. Small businesses just want to get back in business. They often don't want to deal with the reporting side or, worse, would not have the means to notify every impacted customer that their data is at risk. Tags: Ransomware
CSO 2022-06-21 21:00:00 BrandPost: What Every Enterprise Can Learn from Russia's Cyber Assault on Ukraine. In January, the Microsoft Threat Intelligence Center (MSTIC) discovered wiper malware in more than a dozen networks in Ukraine. Designed to look like ransomware but lacking a ransom recovery mechanism, we believe this malware was intended to be destructive and designed to render targeted devices inoperable rather than obtain a ransom. We alerted the Ukrainian government and published our findings. Tags: Ransomware Malware Threat
CSO 2022-06-17 07:52:00 BrandPost: Is Stopping a Ransomware Attack More Important than Preventing One? The sophistication and frequency of ransomware attacks is growing. According to Akamai CTO Robert Blumofe, ransomware has become "a repeatable, scalable, money-making business model that has completely changed the cyberattack landscape." Conti, for example, the cybercrime giant that operates much like the businesses it targets, with an HR department and an employee of the month, not only aims to make money but to carry out politically motivated attacks. (Learn more in our Ransomware Threat Report H1 2022.) Tags: Ransomware Threat
CSO 2022-06-16 13:32:00 Ransomware could target OneDrive and SharePoint files by abusing versioning configurations. Researchers warn that documents hosted in the cloud might not be out of reach for ransomware actors and that, while they're harder to permanently encrypt due to the automated backup features of cloud services, there are still ways to make life hard for organizations. Researchers from Proofpoint have devised a proof-of-concept attack scenario that involves abusing the document versioning settings in Microsoft's OneDrive and SharePoint Online services that are part of the Office 365 and Microsoft 365 cloud offerings. Furthermore, since these services provide access to most of their features through APIs, potential attacks can be automated using command-line interface and PowerShell scripts. Tags: Ransomware
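The versioning abuse the Proofpoint teaser refers to is easiest to understand with a small model. In the published research the attacker, holding an account with edit rights, lowers a document library's version limit to 1 and then encrypts each file twice, so that no unencrypted version is left in the history. The Python below is an added example, not code from Proofpoint or CSO: it models a library as a plain object rather than driving the real SharePoint or Graph APIs, and it assumes the limit counts previous versions kept alongside the current one (that assumption is why the second encryption pass matters in the model, and it is marked in the code). The toy XOR "encryption" only stands in for the ransomware's real cipher.

```python
"""Model of the OneDrive/SharePoint version-limit abuse (added example)."""
import hashlib
import os
from collections import deque


class Library:
    """A document library: one current copy per file plus a bounded version history.

    Assumption for this model: `version_limit` is the number of *previous*
    versions retained; the current copy is always kept in addition."""

    def __init__(self, version_limit=500):
        self.version_limit = version_limit
        self.current = {}    # file name -> bytes
        self.history = {}    # file name -> deque of older versions, oldest first

    def upload(self, name, data):
        if name in self.current:
            self.history.setdefault(name, deque()).append(self.current[name])
            self._trim(name)
        self.current[name] = data

    def set_version_limit(self, n):
        """The library setting an attacker with edit rights can change."""
        self.version_limit = n
        for name in self.history:
            self._trim(name)

    def _trim(self, name):
        h = self.history.get(name)
        while h and len(h) > self.version_limit:
            h.popleft()             # oldest versions are dropped, not recycled

    def versions(self, name):
        return list(self.history.get(name, ())) + [self.current[name]]


def xor_encrypt(data, key):
    """Toy stand-in for the ransomware's cipher."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def ransomware_run(lib, limit_to=None, passes=2):
    """Lower the version limit (if asked), then re-upload each file encrypted `passes` times."""
    if limit_to is not None:
        lib.set_version_limit(limit_to)
    for name in list(lib.current):
        for _ in range(passes):
            lib.upload(name, xor_encrypt(lib.current[name], os.urandom(16)))


def recoverable(lib, name, known_good_hashes):
    """True if any retained version of `name` still matches a known-good SHA-256."""
    return any(hashlib.sha256(v).digest() in known_good_hashes for v in lib.versions(name))


def scenario(lower_limit_to=None, passes=2):
    """Return (still_recoverable, versions_retained) for one attack configuration."""
    lib = Library()
    drafts = [b"Q2 report draft", b"Q2 report final"]
    for d in drafts:
        lib.upload("report.docx", d)
    good = {hashlib.sha256(d).digest() for d in drafts}
    ransomware_run(lib, limit_to=lower_limit_to, passes=passes)
    return recoverable(lib, "report.docx", good), len(lib.versions("report.docx"))


if __name__ == "__main__":
    print("default limit, two passes  :", scenario())                    # clean copy survives
    print("limit 1, one pass          :", scenario(lower_limit_to=1, passes=1))
    print("limit 1, two passes        :", scenario(lower_limit_to=1, passes=2))  # nothing clean
```

With the default limit the encrypted uploads simply pile on top of the history and the clean versions remain restorable, which is the "automated backup" protection the teaser mentions. Lowering the limit to 1 and encrypting once still leaves the last clean copy as the single retained version; the second pass pushes it out. The defensive lesson in the model is the `set_version_limit` call: a change to a library's versioning settings is the auditable event that precedes the damage, and it should be alerted on and restricted rather than left to any user with edit rights.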
CSO.webp 2022-06-14 02:00:00 Ransomware attacks are increasing with more dangerous hybrids ahead (lien direct) Over the past several years, the emergence of big-ticket, destructive ransomware attacks jolted the U.S. government into action to circumscribe the predominately Russian-based threat actors behind the scourge. At the same time, ransomware has been a critical factor driving the growth in corporate cybersecurity budgets as organizations grapple with the often-crippling threat.Despite the policy measures and increased private sector funding to slow down the drumbeat of attacks, ransomware threats remained a top topic at this year's RSA conference. Experts at the event underscored that Russian state-sanctioned criminal actors are not the only ransomware threat actors to fear, nor are ransomware attacks decreasing despite the intensified efforts to nip them in the bud. The same actions taken to quash ransomware activity might end up forging alliances among financially motivated threat actors to create hybrid cyber-attacks that meld social engineering with ransomware.To read this article in full, please click here Ransomware Threat
CSO.webp 2022-06-07 07:34:00 How the Colonial Pipeline attack has changed cybersecurity (lien direct) It's been just over a year since the American public got a taste of what a cyberattack could do to their way of life. A ransomware sortie on Colonial Pipeline forced its owners to shut down operations and leave half the country's East Coast in a lurch for refined oil. Since that time, efforts have aimed at making the nation's critical infrastructure more resilient and to counter the scourge of ransomware. The question is whether enough is being done fast enough."The attack on Colonial Pipeline was an eye-opener-not so much because of the risks about ransomware, but because of the threat landscape moving dangerously close to the critical infrastructure that underpins societies," says Gartner Vice President, Analyst Katell Thielemann . "On that front, it was a wake-up call that spurred all kinds of activities, from cybersecurity sprints in the electric utility sector led by the Department of Energy to security directives from the TSA to pipeline, rail, and airport operators, to a new law establishing upcoming mandates for incident reporting."To read this article in full, please click here Ransomware Threat
CSO.webp 2022-06-02 08:04:00 Cybercriminals look to exploit Intel ME vulnerabilities for highly persistent implants (lien direct) Leaked internal chats from the Conti ransomware gang suggests the group has been researching and developing code to compromise the Intel Management Engine (Intel ME), the out-of-band management functionality built into Intel chipsets. The goal of this technique is to install malicious code deep inside computer firmware where it cannot be blocked by operating systems and third-party endpoint security products.Firmware implants are powerful and are usually used in high-value operations by state-sponsored hacker groups. However, over the past couple of years cybercriminal gangs have also shown an interest, with developers of the notorious TrickBot botnet adding an UEFI attack module in 2020. According to new research by security firm Eclypsium, the Conti ransomware group developed proof-of-concept code to exploit Intel ME firmware and gain code execution in System Management Mode, a highly privileged execution environment of the CPU.To read this article in full, please click here Ransomware
CSO.webp 2022-06-02 02:00:00 Ransomware roundup: System-locking malware dominates headlines (lien direct) As we head into the unofficial start of summer, it does not appear the criminal groups that run ransomware schemes are planning to take any time to rest. Ransomware was all over the infosec news headlines in the past week, with one new report revealing that its presence has grown more in the last year than in the past several years combined.Here's roundup of noteworthy ransomware stories you might have missed.DBIR finds ransomware increased by double digits Verizon Business' annual Data Breach Investigations Report (DBIR) is out and confirms what many CISOs already know: ransomware continues to plague business. Ransomware-related breach instances rose 13%, an increase larger than in the past 5 years combined.To read this article in full, please click here Ransomware Data Breach Malware
CSO.webp 2022-05-31 02:00:00 Conti ransomware explained: What you need to know about this aggressive criminal group (lien direct) Conti has been one of the most aggressive ransomware operations over the past two years and continues to victimize many large companies as well as government, law enforcement and healthcare organizations. Researchers warn that unlike other ransomware groups that generally care about their reputation, Conti doesn't always deliver on its promises to victims."Usually, the more successful ransomware operators put a lot of effort into establishing and maintaining some semblance of 'integrity' as a way of facilitating ransom payments from victims," researchers from Palo Alto Networks said in an analysis. "They want to establish stellar reputations for 'customer service' and for delivering on what they promise-that if you pay a ransom, your files will be decrypted (and they will not appear on a leak website). Yet in our experience helping clients remediate attacks, Conti has not demonstrated any signs that it cares about its reputation with would-be victims."To read this article in full, please click here Ransomware
CSO.webp 2022-05-26 13:59:00 New Linux-based ransomware targets VMware servers (lien direct) Researchers at Trend Micro have discovered some new Linux-based ransomware that's being used to attack VMware ESXi servers, a bare-metal hypervisor for creating and running several virtual machines (VMs) that share the same hard drive storage. Called Cheerscrypt, the bad app is following in the footsteps of other ransomware programs-such as LockBit, Hive and RansomEXX-that have found ESXi an efficient way to infect many computers at once with malicious payloads.Roger Grimes, a defense evangelist with security awareness training provider KnowBe4, explains that most of the world's organizations operate using VMware virtual machines. "It makes the job of ransomware attackers far easier because they can encrypt one server-the VMware server-and then encrypt every guest VM it contains. One compromise and encryption command can easily encrypt dozens to hundreds of other virtually run computers all at once."To read this article in full, please click here Ransomware
CSO.webp 2022-05-25 07:02:00 Chaos ransomware explained: A rapidly evolving threat (lien direct) The Chaos ransomware builder started out last year as a buggy and unconvincing impersonation of the notorious Ryuk ransomware kit. It has since gone through active development and rapid improvements that have convinced different attacker groups to adopt it. The latest version, dubbed Yashma, was first observed in the wild in mid-May and contains several enhancements.One successful ransomware operation known as Onyx hit U.S.-based emergency services, medical facilities and organizations from several other industries over the past year. It uses a variation of the Chaos ransomware, according to security researchers."What makes Chaos/Yashma dangerous going forward is its flexibility and its widespread availability," researchers from BlackBerry said in a new report. "As the malware is initially sold and distributed as a malware builder, any threat actor who purchases the malware can replicate the actions of the threat group behind Onyx, developing their own ransomware strains and targeting chosen victims."To read this article in full, please click here Ransomware Malware Threat
CSO.webp 2022-05-19 02:00:00 WannaCry 5 years on: Still a top threat (lien direct) Who doesn't love an anniversary and the opportunity to reminisce about “where we were” when an historical event happened? Such is the case over the last several days when it comes to remembering WannaCry, the ransomware that infected thousands of computers five years ago and cost companies all over the world billions of dollars in damages.WannaCry broke onto the infosec scene on May 12, 2017. Taking advantage of the vulnerable version of the Server Message Block (SMB) protocol, it ultimately infected approximately 200,000+ machines in more than 150 countries. While Microsoft had issued a patch for the SMB flaw more than a month before the attacks began, millions of computers had not been unpatched against the bug. The largest ransomware attack ever, it impacted several big names globally, including the UK's National Health Service, US delivery giant FedEx, and Deutsche Bahn, the German railway company.To read this article in full, please click here Ransomware Threat FedEx Wannacry
CSO.webp 2020-10-22 05:48:00 US Treasury Department ban on ransomware payments puts victims in tough position (lien direct) Earlier this month, the US Treasury Department's Office of Foreign Assets Control (OFAC) warned organizations making ransomware payments that they risk violating economic sanctions imposed by the government against cybercriminal groups or state-sponsored hackers. The advisory has the potential to disrupt the ransomware monetization model, but also puts victims, their insurers and incident response providers in a tough situation where this type of attack could cost much more and take much longer to recover from. Ransomware
CSO.webp 2020-07-08 03:00:00 How to protect Windows networks from ransomware attacks (lien direct) Honda's Customer Service and Financial Services were apparently hit by a ransomware attack recently. Kaspersky found samples in the VirusTotal database that make it appear that the company was targeted by the Snake ransomware. This incident made me think about what we can learn from how Honda was targeted to better protect Windows networks from ransomware attacks. Ransomware
CSO.webp 2020-05-21 06:39:00 BrandPost: Real Time Matters in Endpoint Protection (lien direct) Given the speed and potentially devastating impact of malware targeting your end users and devices (think ransomware these days), if your endpoint security isn't able to react immediately, the fight is over – and you will have lost. Sodinokibi ransomware, for example, starts encrypting files in seconds and can complete its job on an entire disk in as little as 5 minutes (depending on disk volume). From there, it can easily spread to network drives as well as throughout the organization. Ransomware Malware
CSO.webp 2020-05-12 03:00:00 Ryuk ransomware explained: A targeted, devastatingly effective attack (lien direct) What is Ryuk ransomware? Ransomware
CSO.webp 2020-03-11 05:54:00 Deloitte: 8 things municipal governments can do about ransomware (lien direct) The IT systems of the City of Durham and Durham County in North Carolina have been shuttered since a successful ransomware attack struck the municipalities on the evening of March 6. Although details are still sketchy, the North Carolina Bureau of Investigation indicated the attackers used Russian-made malware known as Ryuk. Ransomware Deloitte
CSO.webp 2020-02-10 03:00:00 More targeted, sophisticated and costly: Why ransomware might be your biggest threat (lien direct) Ransomware attacks have matured over the years, adopting more stealthy and sophisticated techniques, while at the same time fixing many of the implementation errors that earlier iterations had. Moreover, some attacks are now gaining a new data leak component, which exposes companies to more than the traditional data loss associated with ransomware. Ransomware Threat
CSO.webp 2019-08-20 06:23:00 IDG Contributor Network: Have you been ransomware'd yet? (lien direct) If you don't know what ransomware is, chances are you haven't been victimized – yet. Let's clear the fog. Ransomware is a type of virus designed to deny access to a computer system or data until a ransom is paid. Some of the most vulnerable and critical agencies are being targeted – state, city and educational institutions. Recent state and local ransomware attacks include the cities of Baltimore and Albany, school districts in Louisiana and 23 cities in Texas. And this is only going to get worse. Ransomware
CSO.webp 2019-07-15 03:00:00 To pay or not pay a hacker's ransomware demand? It comes down to cyber hygiene (lien direct) Baltimore Mayor Jack Young announced last week that the U.S. Conference of Mayors (UCSM) passed a resolution calling on mayors to oppose the payment of ransomware attackers. The resolution states that “at least 170 county, city or state government systems have experienced a ransomware attack since 2013” with 22 of those occurring in 2019 so far. Ransomware
CSO.webp 2019-05-01 04:54:00 Why local governments are a hot target for cyberattacks (lien direct) Over the course of the past few weeks, a seemingly stepped-up wave of malware and ransomware infections has struck a number of municipalities across the U.S. On April 10, the city of Greenville, North Carolina, had to disconnect most city-owned computers from the Internet due to what officials said was a RobinHood ransomware infection, a duplicitous piece of malware that pretends to raise awareness and funds for the people of Yemen. On April 13, Imperial County, California was hit with Ryuk ransomware, which is designed to target enterprise environments, forcing its website to go dark and causing some city systems to malfunction, including a number of departments' phone lines. On the same day Imperial County was infected, the city of Stuart, Florida, was hit by Ryuk ransomware, forcing system shut-downs affecting payroll, utilities and other vital functions, including police and fire departments. On April 18, an unspecified piece of malware, likely ransomware, crippled the city's computer network in Augusta, Maine. On April 21, the municipally owned airport in Cleveland, Ohio, Cleveland Hopkins International airport, was struck by still-unspecified malware, causing the airport's flight and baggage information boards to go dark, an outage that lasted at least five days. Ransomware Malware
CSO.webp 2019-03-18 03:31:00 Ransomware attack drives city to seek greater network visibility (lien direct) Local governments have been under siege from ransomware attacks in recent years. Colorado announced a state of emergency and called in the National Guard's cyber team to help after its Department of Transportation was hit with SamSam ransomware in February 2018. March 2018 saw the City of Atlanta crippled by SamSam in an attack that cost an estimated $2.6 million to fix (against an original ransom of $52,000). In January 2019, the website for Dublin's Luas tram system also fell victim to an extortion attack. Ransomware
CSO.webp 2019-02-27 08:46:00 Ransomware attacks hit Florida ISP, Australian cardiology group (lien direct) After Florida ISP Network Tallahassee was hit with a ransomware attack, the broadband provider reportedly paid a $6,000 ransom. Details of the attack – such as the type of ransomware and how many customers were affected – were not revealed. We know only that the infection was discovered on Saturday. The Tallahassee Democrat quoted a former cop as saying he could no longer send email on Monday, but he could still receive it. As of Wednesday morning, the afflicted ISP's site is still down, but the company left the following voicemail for customers who called in on Monday: “We have been in contact with the hackers and paid the ransom and have been advised it will be tomorrow, Tuesday, before we get the compiled encrypter tools. If the hackers deliver, it will probably be Wednesday before we are partially back up and running.” Ransomware
CSO.webp 2019-01-14 03:00:00 How to protect backups from ransomware (lien direct) Despite a recent decline in attacks, ransomware still poses significant threats to enterprises, as the attacks against several major newspapers demonstrated this month. It is also becoming more capable. In particular, ransomware writers are aware that backups are an effective defense and are modifying their malware to track down and eliminate the backups. Ransomware Malware
CSO.webp 2019-01-02 08:16:00 Major US newspapers crippled by Ryuk ransomware attack (lien direct) Ryuk ransomware is believed to be the culprit behind printing and delivery issues for “all Tribune Publishing newspapers” - as well as newspapers that used to be part of Tribune Publishing. The malware was discovered and later quarantined on Friday, but the security patches failed to hold when the servers were brought back online and the ransomware began to re-infect the network and impact servers used for news production and manufacturing processes. A Tribune spokesperson said the malware “impacted some back-office systems, which are primarily used to publish and produce newspapers across our properties.” Ransomware Malware
CSO.webp 2018-12-03 07:08:00 BrandPost: Understanding the Attack Chain (lien direct) Today's security teams are struggling to keep pace with the changes in their networks. Multi-cloud, virtualization, the explosion of IoT and BYOD devices, agile software development, and the crushing volume and speed of data, not to mention Shadow IT, have resources stretched thin. Meanwhile, cybercriminals have been undergoing their own digital transformation. Machine learning and agile development, new sophisticated attacks like ransomware and cryptomining, combined with Dark Web crime-as-a-service offerings mean that attacks are faster, harder to detect, and better at finding and exploiting vulnerabilities. Ransomware
CSO.webp 2018-10-18 03:00:00 7 best practices for negotiating ransomware payments (lien direct) Whether through ransomware, data theft, a distributed denial of service (DDoS) attack or General Data Protection Regulation (GDPR)-based extortion, criminals demanding money from organizations in exchange for the return of data or to continue business operations continues to be a common occurrence. The best advice, of course, is not to pay, but as a last resort some organizations might feel the need to negotiate with cybercriminals during a cyberattack. Ransomware
CSO.webp 2018-10-17 08:22:00 (Déjà vu) Ransomware attack hits North Carolina water utility following hurricane (lien direct) Bad timing, bad luck or heartless baddies - maybe all three came into play when a critical water utility in North Carolina, which was still recovering from Hurricane Florence, was brought to its knees by a ransomware attack. Despite still dealing with the aftermath of Hurricane Florence, which ripped through the state in September, Onslow Water and Sewer Authority (ONWASA) said it has no intention of paying the ransom demanded. In the Jacksonville, North Carolina, utility's words, it “will not negotiate with criminals nor bow to their demands.” Ransomware
CSO.webp 2018-10-17 08:22:00 (Déjà vu) Ransomware attack hit North Carolina water utility in aftermath of hurricane (lien direct) Bad timing, bad luck or heartless baddies, maybe all three came into play when a critical water utility in North Carolina, which was still recovering from the effects of a hurricane disaster, was brought to its knees by a ransomware attack. Despite still dealing with the aftermath of Hurricane Florence, which ripped through in September, Onslow Water and Sewer Authority (ONWASA) said it has no intention of paying the ransom demanded. In the Jacksonville, North Carolina, utility's words, it “will not negotiate with criminals nor bow to their demands.” Ransomware
Last update at: 2024-05-16 19:08:33